Add load public key test (#988)

ansible · Apr 10, 2024 · 8ab3350 · 8ab3350
1 parent 5b2bbf5
commit 8ab3350
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 3 deletions.
diff --git a/pkg/certificates/ca.go b/pkg/certificates/ca.go
@@ -239,8 +239,8 @@ func LoadPrivateKey(filename string, osWrapper Oser) (*rsa.PrivateKey, error) {
 }
 
 // LoadPublicKey loads a single RSA public key from a file.
-func LoadPublicKey(filename string) (*rsa.PublicKey, error) {
-	data, err := LoadFromPEMFile(filename, &OsWrapper{})
+func LoadPublicKey(filename string, osWrapper Oser) (*rsa.PublicKey, error) {
+	data, err := LoadFromPEMFile(filename, osWrapper)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/certificates/ca_test.go b/pkg/certificates/ca_test.go
@@ -1309,3 +1309,90 @@ func TestLoadPrivateKey(t *testing.T) {
 		})
 	}
 }
+
+func TestLoadPublicKey(t *testing.T) {
+	type args struct {
+		filename string
+	}
+
+	errorSettingUpTypeFormatString := "Error setting up %s: %v"
+
+	positivePublicKeyFilename := "public_key_test_filename"
+	goodPublicKey, err := setupGoodPublicKey()
+	if err != nil {
+		t.Errorf(errorSettingUpTypeFormatString, "public key", err)
+	}
+
+	negativeMultipleItemFilename := "negative_multiple_item_test"
+	multiplePublicKeys := setupGoodPublicKeyPEMData()
+	multiplePublicKeys = append(multiplePublicKeys, multiplePublicKeys[0])
+
+	negativeNoPublicKeyFilename := "negative_no_public_key_test"
+	noPublicKey := []byte{
+		0, 0, 0, 0,
+	}
+
+	tests := []struct {
+		name                   string
+		args                   args
+		wantOserReadfileArg    string
+		wantOserReadfileResult []byte
+		want                   *rsa.PublicKey
+		wantErr                bool
+	}{
+		{
+			name: "Positive Private Key",
+			args: args{
+				filename: positivePublicKeyFilename,
+			},
+			wantOserReadfileArg:    positivePublicKeyFilename,
+			wantOserReadfileResult: setupGoodPublicKeyPEMData(),
+			want:                   goodPublicKey,
+			wantErr:                false,
+		},
+		{
+			name: "Negative multi item test",
+			args: args{
+				filename: negativeMultipleItemFilename,
+			},
+			wantOserReadfileArg:    negativeMultipleItemFilename,
+			wantOserReadfileResult: multiplePublicKeys,
+			want:                   nil,
+			wantErr:                true,
+		},
+		{
+			name: "Negative no private key test",
+			args: args{
+				filename: negativeNoPublicKeyFilename,
+			},
+			wantOserReadfileArg:    negativeNoPublicKeyFilename,
+			wantOserReadfileResult: noPublicKey,
+			want:                   nil,
+			wantErr:                true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+
+			o := mock_certificates.NewMockOser(ctrl)
+			o.
+				EXPECT().
+				ReadFile(gomock.Eq(tt.wantOserReadfileArg)).
+				Return(tt.wantOserReadfileResult, nil).
+				Times(1)
+
+			got, err := certificates.LoadPublicKey(tt.args.filename, o)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("LoadPublicKey() error = %v, wantErr %v", err, tt.wantErr)
+
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("LoadPublicKey() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/pkg/workceptor/workceptor.go b/pkg/workceptor/workceptor.go
@@ -220,7 +220,7 @@ func (w *Workceptor) VerifySignature(signature string) error {
 	if w.VerifyingKey == "" {
 		return fmt.Errorf("could not verify signature: verifying key not specified")
 	}
-	rsaPublicKey, err := certificates.LoadPublicKey(w.VerifyingKey)
+	rsaPublicKey, err := certificates.LoadPublicKey(w.VerifyingKey, &certificates.OsWrapper{})
 	if err != nil {
 		return fmt.Errorf("could not load verifying key file: %s", err.Error())
 	}